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Objective 


This Charter provides a framework for the conduct of Internal Audit in the Australia Post 
Group (Group) and is approved by the Australia Post Board. 


Role 


Internal Audit is an independent, objective assurance and consulting function designed to 
add value and improve the organisation’s operations including the internal control 
environment. It assists the organisation to accomplish its objectives by bringing a 
systematic, disciplined, third line of defence to the evaluation of internal processes and 
controls, and improve the adequacy, effectiveness and efficiency of the risk, control and 
governance processes. 


Authority 


The General Manager Internal Audit is authorised to direct a broad, comprehensive 
program of internal auditing within the organisation. Internal Audit staff are authorised to 
have full, free and unrestricted access to the Board, the Group Chief Executive Officer and 
Managing Director, all functions, property, personnel, records, accounts, files and other 
documentation to enable Internal Audit to carry out its functions and activities. 


The General Manager Internal Audit has the authority to initiate audit reviews and 
investigations based upon their professional judgement, beyond the immediate scope of 
the approved Internal Audit program. 


Internal Audit may conduct audits of joint ventures to the extent permitted under the 
terms of the relevant shareholder agreement or to the extent that the joint venture 
company consents to the audit. 


Information accessed in the course of internal audit work is used strictly for Internal Audit 
purposes. The General Manager Internal Audit and staff are responsible for the 
confidentiality of the information they receive. 


Independence & Objectivity 


Internal Audit is independent to line management. It has no direct authority over the 
activities it reviews — this independence from operating management is essential for 
Internal Audit staff to be objective in the conduct of reviews. The internal audit activity will 
remain free from interference by any element in the organization, including matters of 
audit selection, scope, procedures, frequency, timing, or report content to permit 
maintenance of a necessary independent and objective attitude. 


Internal Audit does not design, develop or implement procedures or systems and does not 
prepare records or engage in front line processing functions. 
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From an administrative perspective, Internal Audit is part of the Finance and Commercial 
Services business unit. From a functional perspective, Internal Audit reports to the Audit & 
Risk Committee (Committee). This is to ensure a broad range of audit coverage and 
adequate consideration of audit reports and management action on audit 
recommendations. Private session meetings will be held between the General Manager 
Internal Audit and the Committee without management present. 


A review by Internal Audit does not in any way relieve Group officers of their individual 
responsibilities for implementing and maintaining effective systems to manage risk and 
monitor and control organisation activities and practices. 


Protocols will be in place, and approved by the Committee annually, to oversee the 
independence and objectivity of the co-source partner, or any other third-party provider to 
the internal audit function. 


Responsibility 


Internal Audit provides assurance over the effectiveness and efficiency of the control 
environment, using a risk-based auditing methodology focussing on material risk 
mitigation, organisational processes, programs/projects and strategic initiatives. 


Internal Audit will play an active role in helping the Group: 


e maintain a culture of accountability, integrity and adherence to the Group’s ethical 
standards; and 


e promote the integration of risk management into the business as usual activities, 
processes and programs. 


The Committee’s endorsement is required for the Internal Audit Charter, while the 
Committee’s approval is required for the risk-based Internal Audit annual plan. 


Standards 


Internal Audit will govern itself by adherence to the Institute of Internal Auditors’ 
mandatory guidance which includes the Core Principles for the Professional Practice of 
Internal Auditing, the Code of Ethics, the International Standards for the Professional 
Practice of Internal Auditing, and the Definition of Internal Auditing. The mandatory 
guidance constitutes the fundamental requirements for the professional practice of 
internal auditing, and the principles against which to evaluate the effectiveness of Internal 
Audit performance. 


All audit activities are conducted in accordance with Group values, policies, and 
procedures including the: 


e International Professional Practice Framework (IPPF) of Internal Auditing issued by 
the Institute of Internal Auditors; 
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e Information Technology Assurance Framework; and 


e Audit Practice statements as appropriate to internal auditing of CPA Australia and 
Chartered Accountants Australia and New Zealand. 


Audit Plan 


An Internal Audit Plan (Plan) for the Group will be prepared for approval by the Committee 
at the June meeting. The Plan will be prepared in consultation with the Executive Team to 
ensure alignment of the Plan against material risks, strategic objectives, and key 
processes of the business. The Plan will include some flexibility to ensure the Internal 
Audit team can absorb ad hoc requests or re-prioritisation. 


Internal Audit will continually assess the Plan ensuring that any changes to, or emerging 
significant risks (arising from external and internal factors such as changes in regulation, 
processes, systems and new products, mergers and restructures) are evaluated and 
factored into the Plan as considered appropriate. Internal Audit may perform special tasks 
or ad hoc reviews, whether assurance or consulting based, as requested by the Committee 
and the Executive Team. 


The Committee will regularly review the Plan against actual audit performance. 
Any necessary amendments, including audits that are removed or significantly modified, to 
the Plan will be submitted to next Committee meeting for consideration and approval. 


Internal Audit will establish and maintain an open relationship with the external auditor and 
any other assurance providers. Internal Audit will consider the work of other assurance 
providers and activities to provide an integrated annual Plan that minimises duplication of 
assurance effort. 


External auditors have full and free access to all Internal Audit plans and reports. 
Audit Scope 


The scope of Internal Audit encompasses the examination and evaluation of the adequacy, 
effectiveness and efficiency of the systems of internal control within the Group, and the 
risk-assessed ability to achieve the organisation’s stated goals and objectives 


Activities are designed to evaluate: 


e material risks have been appropriately identified, assessed and managed; 
e governance processes are operating effectively; 


e — significant information, whether financial, managerial or operating, is accurate, 
reliable and timely; 


e resources are used effectively and efficiently and are adequately protected; and 
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e activities are in compliance with Group policies and procedures which are designed to 
comply with industry standards, legislation and regulations. 


Internal Audit reviews cover all activities of the Group together with controlled entities and 
their commercial activities. It involves the review of all operations (financial and non- 
financial), either manual or computerised. 


The scope of audit engagements is aligned to the key financial, operational, compliance 
and strategic risks of the Group. 


Whilst maintaining independence, Internal Audit may undertake management requests 
(formal and informal) including reviews subject to scope and deliverables as well as 
participation on standing committees, projects, ad hoc meetings and information 
exchange. Internal Audit can conduct or assist in the investigation of suspected fraudulent 
activities within the Group. 


Reporting 


At the conclusion of a review, a report will be issued. The report will present the objectives 
and scope, the outcome(s) and a timetable for addressing observations and actioning 
recommendations arising from the review. Reporting will be escalated to a level 
consistent with the internal audit assessment of risk and controls. 


The General Manager Internal Audit will submit a report to the Committee summarising all 
review activities undertaken during the quarter and will include significant risk exposures 
and control issues, including fraud risks, governance issues, and other matters needed or 
requested by the Board. This report will include: 


e reviews completed or in progress; 

e outcomes of each review undertaken and significant actions to be taken; 
e the status of previously raised medium or higher rated actions; 

e remedial action taken; and 


e any changes to the Plan. 


Quality Assurance 


The General Manager Internal Audit will establish and maintain a quality assurance 

program to evaluate the operations of the Internal Audit services. The purpose is to 
provide assurance that all review work conforms to relevant auditing standards, the 
Internal Audit Charter, and is cost effective and efficient. 


The quality assurance program will incorporate benchmarking against other internal audit 
functions across industry including a periodic external ‘peer’ review of the Internal Audit 
function. 


06 


11 


11.1 


11.2 


11.3 


12 


12.1 


12.2 


12.3 


12.4 


13 


13.1 


13.2 


13.3 


People 


The appointment, dismissal or replacement of the General Manager Internal Audit is the 
responsibility of the Group Chief Executive Officer and Managing Director in consultation 
with the Committee. 


Selection, promotion, performance assessment and professional development of Internal 
Audit staff are the responsibilities of the General Manager Internal Audit in consultation 
with the Group Chief Financial Officer. 


The General Manager Internal Audit in conjunction with the Committee Chair, will ensure 
that the Internal Audit function is resourced appropriately to execute the approved Plan. 


Conflicts of Interest 


A Conflict of interest is when an Internal Auditor has a potential, actual or perceived 
competing professional or personal interest. Such competing interests can make it difficult 
to fulfil internal audit duties impartially. 


Directly employed internal auditors must comply with the Group’s Conflict of Interest 
policy as well as the IPPF. 


All externally engaged internal auditors, including the co-sourced partner, must comply 
with the Conflict of Interest requirements stated in the supplier contract as well as the 
IPPF. 


Processes to manage Conflict of Interest for internal audit are contained in the Australia 
Post Internal Audit Manual. 


Other 


This Charter will be reviewed annually in alignment with the Audit and Risk Committee 
Charter to ensure a ‘fit for purpose’ level of cost effective, value-added internal audit 
service is provided to the corporation. Any proposed changes to the Charter will be 
presented to the Committee for endorsement prior to Board approval. 


The Internal Audit team maintains a budget to ensure extra capacity or capability can be 
sourced as required to execute the Plan. 


Internal Audit has a co-source partner. Where necessary, Internal Audit may broker the 
services of independent external providers when niche or specific industry knowledge is 
required to conduct a review where that expertise is not held within the Internal Audit team 
or its co-sourced partner (or where the co-sourced partner has a conflict of interest), to 
ensure the review is effective. 
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